Merge remote-tracking branch 'prism/master'

1 files changed, 16 insertions, 3 deletions

diff --git a/lass/2configs/yubikey.nix b/lass/2configs/yubikey.nix
index e6482c58c..9ab6b6ccb 100644
--- a/lass/2configs/yubikey.nix
+++ b/lass/2configs/yubikey.nix
@@ -2,16 +2,29 @@
 {
   environment.systemPackages = with pkgs; [
     yubikey-personalization
+    yubikey-manager
   ];
 
   services.udev.packages = with pkgs; [ yubikey-personalization ];
   services.pcscd.enable = true;
+  systemd.user.sockets.gpg-agent-ssh.wantedBy = [ "sockets.target" ];
+
+  ##restart pcscd if yubikey is plugged in
+  #services.udev.extraRules = ''
+  #  ACTION=="add", ATTRS{idVendor}=="04d9", ATTRS{idProduct}=="2013", RUN+="${pkgs.writeDash "restart_pcscd" ''
+  #    ${pkgs.systemd}/bin/systemctl restart pcscd.service
+  #  ''}"
+  #'';
 
   environment.shellInit = ''
-    if [ "$UID" -eq 1337 ]; then
+    if [ "$UID" -eq 1337 ] && [ -z "$SSH_CONNECTION" ]; then
       export GPG_TTY="$(tty)"
-      gpg-connect-agent /bye
+      gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
       export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+      if [ -z "$SSH_AUTH_SOCK" ]; then
+        export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
+      fi
+
     fi
   '';
 
@@ -19,7 +32,7 @@
     ssh.startAgent = false;
     gnupg.agent = {
       enable = true;
-      enableSSHSupport = true;
+      # enableSSHSupport = true;
     };
   };
 }